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DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1 .17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 3 7 CFR 1.114, and the fee set forth in 3 7 CFR 1 . 1 7(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.114. Applicant's submission filed on 6/26/2006 has been entered. 

Response to Arguments 

2. In response to communications filed on 7/25/2006, applicant has amended claims 1,13, 
and 20. The following claims 1-31 are presented for examination. 

3. Applicant's remarks, pages 11-13, filed on 6/26/2006, with respect to the rejection of 
claims 1-31 have been fully considered, but they are not persuasive. Applicant has amended the 
independent claims to recite "a single" encrypted record containing "only" a copied serial 
number and a first authorization level. Although the scope of the claims has changed in view of 
the amendment, the fact that the items being encrypted in the record are limited to two does not 
make the claimed invention distinctly patentable over the prior art because an extra item would 
not affect the claimed method. In addition, Beetcher discloses a single encrypted entitlement key 
containing only a serial number and entitlement bits that meets the recitation of single encrypted 
record containing only a serial number and a first authorization level as shown below. 
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"The key includes the serial number of the computer for which the 
software is- licensed, together with a plurality of entitlement bits 
indicating which software modules are entitled to run on the machine . " (see 
abstract) 

Applicant mentions ihat the claimed invention is different from the prior art because the 
prior art discloses more "fields or bits" of data than the claimed invention. Examiner would like 
to clarify that the claimed serial number and authorization level of the claimed invention when 
read by the computer represent also many fields of data and bits of information. Therefore, 
applicant has not overcome the rejection by amending the claims, and claims 1-3 1 remain 
rejected in view of the prior art. 

Claim Rejections - 35 USC §103 
4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would have 
been obvious at the time the invention was made to a person having ordinary skill in the art to 
which said subject matter pertains. Patentability shall not be negatived by the manner in which 
the invention was made. 

Claims 1-31 are rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent 
5,933,497 to Beetcher et ah in view of US Patent 6,526,512 to Siefert et aL 
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As per claims 1 and 20, Beetcher et al. discloses a method of security comprising the 
steps of: enabling a computer system to execute a software module with an encrypted entitlement 
key containing a serial number and entitlement bits that meets the recitation of a) enabling an 
electronic device to run a controlled application with a single encrypted record containing only a 
copied serial number and a first authorization level, for example (see abstract); Beetcher et al. 
discloses that each customer receives an entitlement key enabling the customer to run only those 
software modules to which he is entitled (column 4, lines 40-45) that meets the recitation of 
wherein said first authorization level authorized said electronic device to run controlled 
applications having authorization levels not exceeding said first authorization level. Beetcher 
also discloses other entitlements such as charge group, key type, serial number of the machine, 
and product entitlement field assigned to the device (see column 6, lines 20-40). In another 
embodiment, Beetcher discloses in column 7, lines 1-16, other authorization levels that are 
hardware specific assigned to said electronic device. There is suggestion in column 2, lines 49- 
53 that other entitlement may also be machine specific entitlement or authorization level 
assigned to a machine to make sure that a software is authorized to run on a specific machine, b) 
verifying said electronic device is correctly enabled, for example (see column 6, line 65 through 
column 7, line 47); and c) verifying said first authorization level is of sufficient authority to run 
said controlled application on said electronic device, for example (see column 6, line 65 through 
column 7, line 47); and wherein a second authorization level of said controlled application does 
not exceed the first authorization level (column 7, lines 1-65). Beetcher et al suggests to add 
protection by using entitlement that contains machine specific information and encoding it into 
the software itself Siefert et al. in an analogous art teaches key codes containing authorization 
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levels (column 2, lines 40-65) and the key codes (authorization levels) are assigned to an 
electronic device and authorizes said electronic device to run controlled applications having 
authorization levels not exceeding said first authorization level (see column 4, line 44 through 
column 5, line 55). Therefore, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made to modify the method of Beetcher et al to include the step of 
wherein the first authorization level is. assigned to the electronic device and authorizes the 
electronic device to run controlled applications having authorization levels not exceeding the 
first authorization level as taught by Siefert et al (see column 4, line 44 through column 5, line 
55). One of ordinary skill in the art would have been motivated to do so because the teaching of 
Siefert provides detecting and controlling any program that is required to pass the security 
process by doing the following: when a program launch is requested, running a key code process 
of comparing the key code of the computer with that of the program to be run in order to 
authorize execution of the program upon meeting predetermined criteria. One of ordinary skill 
in the art would have recognized the advantage of preventing hacker from learning the identities 
of the key codes and preventing hacker from learning how the security process run by assigning 
key codes (authorization levels) to both the computer and the program by a match determination 
process and using region of memory non-accessible to users to store the key codes (authorization 
levels) as suggested by Siefert et al (column 7, lines 15-25 and column 7, line 50 through 
column 8, line 35 and column 8, lines 50-67). 

As per claims 2, 14, and 21, Beetcher et al. discloses the limitation of wherein step a) 
comprises the steps of: al) fetching a serial number uniquely associated with said electronic 
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device, said serial number located on said electronic device, for example (see column 7, line 47); 
a2) copying said serial number, forming said copied serial number that is identical to said serial 
number, for example (see column 6, lines 20-40); a3) creating a record that contains said copied 
serial number and said first authorization level, said first authorization level previously assigned 
to said electronic device, for example (see column 6, lines 20-40); a4) encrypting said record, 
forming said encrypted record, for example (see column 4, lines 57-65 and column 8, lines 53- 
65); and a5) storing said encrypted record in said electronic device, for example (see column 8, 
lines 53-65). These claims are also rejected on the same rationale as the rejection of claim 1 for 
reciting "said first authorization level previously assigned to said electronic device". 

As per claims 3 and 22, Beetcher et ah discloses the limitation of wherein step b) 
comprises the steps of: bl) locating said encrypted record, for example (see column 9, line 40 
through column 10, line 20); b2) decrypting said encrypted record, if said encrypted record is 
located, for example (see column 9, line 40 through column 10, line 20); b3) reading said copied 
serial number from said encrypted record, if said encrypted record is successfully decrypted; 
b4) fetching said serial number, for example (see column 9, line 40 through column 10, line 20); 
and b5) comparing said serial number and said copied serial number, for example (see column 9, 
line 40 through column 10, line 20 and column 13, lines 1-8). 

As per claims 4 and 23, Beetcher et al. discloses the limitation of wherein step b) 
comprises the further step of executing said controlled application on said electronic device, said 
controlled application having controlled attributes, for example (see column 6, lines 40-67); 
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As per claims 5, 12, 24, and 31, the combination of Beetcher et al and Siefert et al 

discloses the limitation of wherein said step c) comprises the steps of: cl) reading said first 
authorization level from said encrypted record that is decrypted, if said serial number and said 
copied serial number match, for example (see Beetcher et al, column 9, lines 40-67 and column 
10, lines 20-67); c2) comparing said first authorization level with a second authorization level 
assigned to said controlled application (Beetcher et al, column 10, lines 40-4 and column 7); and 
c3) allowing access to said controlled attributes of said controlled application, if said first 
authorization level is of an equal or higher authorization level than said second authorization 
level, for example (see Beetcher et al, column 10, lines 20-47 and column 4, lines 34-46). 
Siefert et al also discloses comparing first authorization level with second authorization level to 
authorize the computer to run controlled applications as discussed in claim 1 . Therefore, these 
claims are also rejected on the same rationale as the rejection of claim 1 . 

As per claims 6, 15, and 25, Beetcher et al. discloses the limitation of wherein step a) is 
performed with object code instructions that meet the recitation of an enabler application, said 
enabler application enabling said electronic device to run applications having authorization 
levels equal to or lower than said first authorization level, for example (see column 8, lines 48-67 
and column 4, lines 34-46). 

As per claims 8, 9, 18, 19, 27, and 28, the combination of Beetcher et al and Siefert et 

al discloses the limitation of comprising the further step of: aborting said application and 
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denying access if any of the following conditions are met: said encrypted record is not 
successfully located in step bl) ; said encrypted record is not successfully decrypted in step b2); 
said serial number and said copied serial number do not match in step b5); or said first 
authorization level is of a lesser value than said second authorization level in step c2) , for 
example (see Beetcher et al, column 8, lines 48-67 and column 4, lines 34-46 and column 10, 
lines 20-67). 

Claims 13 and 16 contain some of the limitations of the rejected claims 1-5. Therefore, 
claims 13 and 16 are rejected on the same rationale as the rejection of claims 1-5. 

As per claim 17, Beetcher et al. discloses the limitation of wherein the same 
encryption/decryption protocol is used in performing steps c) and m), for example (see column 
13, lines 5-18). 

As per claims* 7 and 26, Beetcher et al. substantially teaches the claimed method of 
claims 6 and 25. Beetcher et al. does not explicitly teach removing said enabler application 
from said electronic device after successfully completing step a). However, Siefert et al. in an 
analogous art teaches control access to enhance security of resources where a match 
determination process can take actions of erasing part or all of the program to defeat running of 
the program, for example (see column 7, lines 35-40). Siefert et al. also adds, hiding 
process/codes or removing or placing them in separate memory or non-accessible memory 
locations can prevent hackers to trace the logic of codes, for example (see column 7, line 40 



Application/Control Number: 09/844,924 Page 9 

Art Unit: 2136 

through column 8, line 5). Therefore, it would have been obvious to one of ordinary skill in the 
art at the time the invention was made to modify the method of Beetcher et al. to remove said 
enabler application from said electronic device after successfully completing step a) as taught. by 
Siefert et al. One skilled in the art would have been lead to make such a modification because it 
would make the security process non accessible to hackers, as suggested by Siefert et al for 
example (see column 7, line 40 through column 8, line 35). 

As per claims 10-11 and 29-30, Beetcher et al. discloses locking in memory the version 
number the product number, serial number etc. and also discloses codes stored in read-only 
memory (ROM) to make it not capable of alteration by customers, for example (see column 7, 
lines 15-30 and column 9, lines 49-67). It is well known in the art of computer security that 
computers have flash memory and using a flash memory will not depart from the spirit and scope 
of the invention of Beetcher et al.. Siefert et al. also discloses using read-only memory (ROM) 
for the encrypted data and serial number. Therefore, it would have been obvious to one of 
ordinary skill in the art at the time the invention was made to store said encrypted record and 
serial number in locked flash record in said electronic device as suggested by Beetcher et al. 
One skilled in the art would have been lead to make such a modification to prevent alteration of 
these data by customers. 
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Conclusion 



5. 



Any inquiry concerning this communication or earlier communications from the 



examiner should be directed to Carl Colin whose telephone number is 571-272-3862. The 
examiner can normally be reached on Monday through Thursday, 8:00-6:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser G. Moazzami can be reached on 571-272-4195. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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